package cn.watsontech.core.web.spring.security.authentication;

import cn.watsontech.core.service.AdminService;
import cn.watsontech.core.web.form.AdminRegisterForm;
import cn.watsontech.core.web.spring.aop.annotation.Access;
import cn.watsontech.core.web.spring.aop.annotation.AccessParam;
import cn.watsontech.core.web.spring.security.IUserLoginService;
import cn.watsontech.core.web.spring.security.IUserType;
import cn.watsontech.core.web.spring.security.LoginUser;
import cn.watsontech.core.web.spring.security.UserTypeFactory;
import cn.watsontech.core.web.spring.security.entity.Admin;
import java.util.ArrayList;
import java.util.Iterator;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.security.authentication.AccountExpiredException;
import org.springframework.security.authentication.CredentialsExpiredException;
import org.springframework.security.authentication.DisabledException;
import org.springframework.security.authentication.LockedException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsChecker;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.util.Assert;
import org.springframework.util.CollectionUtils;
import org.springframework.util.StringUtils;
import tk.mybatis.mapper.entity.Condition;

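/**
 * Account lookup, login and admin registration entry points.
 *
 * <p>Every lookup is delegated to the {@link IUserLoginService} that {@link UserTypeFactory}
 * returns for the requested {@link IUserType}. A login identifier may carry the user type as a
 * suffix after the last {@code '@'} (see {@link #splitUsernameAndType}).
 *
 * <p>This file is decompiler output: identifiers such as {@code m49loadUserByUsername} and
 * {@code mo53getId} are decompiler renames and are kept unchanged so existing references still
 * resolve.
 */
@Service
/* loaded from: input_file:cn/watsontech/core/web/spring/security/authentication/AccountService.class */
public class AccountService implements UserDetailsService {
    private static final Logger log = LogManager.getLogger(AccountService.class);

    @Autowired
    AdminService adminService;

    @Autowired
    JdbcTemplate jdbcTemplate;

    @Autowired
    PasswordEncoder passwordEncoder;

    @Autowired
    UserTypeFactory userTypeFactory;
    // Status checks run before (locked / disabled / expired) and after (credentials expired)
    // credential verification in the login methods below.
    UserDetailsChecker preAuthenticationChecks = new DefaultPreAuthenticationChecks();
    UserDetailsChecker postAuthenticationChecks = new DefaultPostAuthenticationChecks();
    // Fallback column list used when neither the caller nor the login service supplies one.
    // It deliberately omits "password"; the password-based paths append it explicitly.
    final String[] defaultLoginSelectProperties = {"id", "username", "nickName", "gender", "avatarUrl", "mobile", "lastLoginDate", "lastLoginIp", "isEnabled", "expired", "locked", "credentialsExpired", "extraData", "createdTime"};

    /**
     * Rejects accounts whose credentials have expired.
     *
     * <p>Static because it reads no state of the enclosing instance.
     */
    /* loaded from: input_file:cn/watsontech/core/web/spring/security/authentication/AccountService$DefaultPostAuthenticationChecks.class */
    private static class DefaultPostAuthenticationChecks implements UserDetailsChecker {
        private DefaultPostAuthenticationChecks() {
        }

        /**
         * @param userDetails account to check
         * @throws CredentialsExpiredException when {@code isCredentialsNonExpired()} is false
         */
        @Override
        public void check(UserDetails userDetails) {
            if (userDetails.isCredentialsNonExpired()) {
                return;
            }
            // NOTE(review): this logs userDetails.toString(); confirm LoginUser.toString() does
            // not render the password hash or other sensitive fields.
            log.debug("User account credentials have expired, account = {}", userDetails);
            throw new CredentialsExpiredException("该账户密码已过期！");
        }
    }

    /**
     * Rejects locked, disabled and expired accounts, in that order.
     *
     * <p>Static because it reads no state of the enclosing instance.
     */
    /* loaded from: input_file:cn/watsontech/core/web/spring/security/authentication/AccountService$DefaultPreAuthenticationChecks.class */
    private static class DefaultPreAuthenticationChecks implements UserDetailsChecker {
        private DefaultPreAuthenticationChecks() {
        }

        /**
         * @param userDetails account to check
         * @throws LockedException when the account is locked
         * @throws DisabledException when the account is disabled
         * @throws AccountExpiredException when the account has expired
         */
        @Override
        public void check(UserDetails userDetails) {
            // NOTE(review): each branch logs userDetails.toString(); confirm LoginUser.toString()
            // does not render the password hash or other sensitive fields.
            if (!userDetails.isAccountNonLocked()) {
                log.debug("User account is locked, account = {}", userDetails);
                throw new LockedException("该账号已锁定！");
            }
            if (!userDetails.isEnabled()) {
                log.debug("User account is disabled, account = {}", userDetails);
                throw new DisabledException("该账号已禁用！");
            }
            if (userDetails.isAccountNonExpired()) {
                return;
            }
            log.debug("User account is expired, account = {}", userDetails);
            throw new AccountExpiredException("该账号已过期！");
        }
    }

    /**
     * Loads an account by username, including its stored password, without running any status
     * check or password comparison.
     *
     * <p>The decompiler renamed this method from {@code loadUserByUsername}; it is the
     * {@link UserDetailsService} lookup.
     *
     * @param str login identifier, optionally suffixed with {@code @<userType>}
     * @return the matching account, never {@code null}
     * @throws UsernameNotFoundException when no account matches
     */
    /* renamed from: loadUserByUsername, reason: merged with bridge method [inline-methods] */
    public LoginUser m49loadUserByUsername(@AccessParam String str) throws UsernameNotFoundException {
        String[] nameAndType = splitUsernameAndType(str, this.userTypeFactory);
        IUserType userType = this.userTypeFactory.valueOf(nameAndType[1]);
        IUserLoginService loginUserService = requireLoginService(userType);
        // The returned object carries the password hash so the caller can verify credentials.
        String[] selectProperties = (String[]) ArrayUtils.add(resolveSelectProperties(loginUserService, null), "password");
        return loadAccountInfo("username", nameAndType[0], userType, selectProperties, false);
    }

    /**
     * Password login using the login service's default select properties.
     *
     * @param str login identifier, optionally suffixed with {@code @<userType>}
     * @param str2 raw password supplied by the user
     * @param str3 value handed to {@code updateLastLoginData} (presumably the client IP)
     * @return the authenticated account
     * @throws UsernameNotFoundException when no account matches
     */
    @Access(value = "${access.loginByUsername.description}", save = "${access.loginByUsername.saveToDatabase}", level = "${access.loginByUsername.logLevel}")
    public LoginUser loginByUsername(@AccessParam String str, String str2, String str3) throws UsernameNotFoundException {
        return loginByUsername(str, str2, null, str3);
    }

    /**
     * Password login: loads the account, runs the pre-checks, verifies the password, runs the
     * post-check, records the login and stores the authentication in the security context.
     *
     * <p>NOTE(review): an unknown account raises {@link UsernameNotFoundException} while a wrong
     * password raises {@link IllegalArgumentException} ("密码不正确"), and the unknown-account path
     * skips the password hash comparison. If both outcomes reach the client as distinguishable
     * responses or timings, account names can be enumerated; callers should map them to one
     * generic failure and apply attempt throttling.
     *
     * @param str login identifier, optionally suffixed with {@code @<userType>}
     * @param str2 raw password supplied by the user
     * @param strArr properties to select, or {@code null}/empty for the defaults
     * @param str3 value handed to {@code updateLastLoginData} (presumably the client IP)
     * @return the authenticated account
     * @throws UsernameNotFoundException when no account matches
     * @throws IllegalArgumentException when the password does not match
     */
    @Access("用户(%s)使用密码登录")
    public LoginUser loginByUsername(@AccessParam String str, String str2, String[] strArr, String str3) throws UsernameNotFoundException {
        String[] nameAndType = splitUsernameAndType(str, this.userTypeFactory);
        IUserType userType = this.userTypeFactory.valueOf(nameAndType[1]);
        IUserLoginService loginUserService = requireLoginService(userType);
        String[] selectProperties = (String[]) ArrayUtils.add(resolveSelectProperties(loginUserService, strArr), "password");
        LoginUser account = loadAccountInfo("username", nameAndType[0], userType, selectProperties, false);
        this.preAuthenticationChecks.check(account);
        // NOTE(review): registerAdmin can create an account without a password; how matches()
        // treats a null stored hash depends on the configured PasswordEncoder.
        Assert.isTrue(this.passwordEncoder.matches(str2, account.getPassword()), "密码不正确");
        this.postAuthenticationChecks.check(account);
        loginUserService.updateLastLoginData(str3, account.mo53getId());
        SecurityContextHolder.getContext().setAuthentication(createNewAuthentication(account));
        return account;
    }

    /**
     * Builds the authentication stored in the security context after a successful login.
     *
     * @param loginUser the authenticated account, used as principal
     * @return a token with no credentials and the account's authorities
     */
    protected Authentication createNewAuthentication(LoginUser loginUser) {
        // Credentials are passed as null so the raw password is not kept in the context.
        return new UsernamePasswordAuthenticationToken(loginUser, (Object) null, loginUser.getAuthorities());
    }

    /**
     * Open-id login using the login service's default select properties.
     *
     * @param str open id of the user
     * @return the account, or {@code null} when none matches
     */
    @Access(value = "${access.loginByOpenId.description}", save = "${access.loginByOpenId.saveToDatabase}", level = "${access.loginByOpenId.logLevel}")
    public LoginUser loginByOpenId(@AccessParam String str) throws UsernameNotFoundException {
        return loginByOpenId(str, null);
    }

    /**
     * Logs in a user of type {@code LoginUser.Type.user} by open id alone.
     *
     * <p>NOTE(review): no secret is verified here; the open id is the only credential. Callers
     * must pass an open id they obtained themselves from the identity provider, never a value
     * taken directly from the request. Unlike the password path, this one does not call
     * {@code updateLastLoginData}.
     *
     * @param str open id of the user
     * @param strArr properties to select, or {@code null}/empty for the defaults
     * @return the account, or {@code null} when none matches (no authentication is set then)
     */
    @Access("小程序用户(%s)自动登录")
    public LoginUser loginByOpenId(@AccessParam String str, String[] strArr) throws UsernameNotFoundException {
        LoginUser.Type userType = LoginUser.Type.user;
        requireLoginService(userType);
        // throwIfMissing=false: an unknown open id yields null instead of an exception.
        LoginUser account = loadAccountInfo("openid", str, userType, strArr, false, false);
        if (account == null) {
            return null;
        }
        this.preAuthenticationChecks.check(account);
        this.postAuthenticationChecks.check(account);
        SecurityContextHolder.getContext().setAuthentication(createNewAuthentication(account));
        return account;
    }

    /**
     * Loads an account by id using the login service's default select properties.
     *
     * @param str numeric user id, optionally suffixed with {@code @<userType>}
     * @return the account
     * @throws UsernameNotFoundException when no account matches
     */
    @Access(value = "${access.loginByUserId.description}", save = "${access.loginByUserId.saveToDatabase}", level = "${access.loginByUserId.logLevel}")
    public LoginUser loginByUserId(@AccessParam String str) throws UsernameNotFoundException {
        return loginByUserId(str, null);
    }

    /**
     * Loads an account by id and runs the status checks.
     *
     * <p>NOTE(review): no credential is verified and the security context is not updated, so the
     * id must come from an already-verified source (for example a validated session or token),
     * not from raw request input.
     *
     * @param str numeric user id, optionally suffixed with {@code @<userType>}
     * @param strArr properties to select, or {@code null}/empty for the defaults
     * @return the account
     * @throws UsernameNotFoundException when no account matches
     * @throws NumberFormatException when the id part is not a valid long
     */
    public LoginUser loginByUserId(@AccessParam String str, String[] strArr) throws UsernameNotFoundException {
        String[] idAndType = splitUsernameAndType(str, this.userTypeFactory);
        Long userId = Long.valueOf(Long.parseLong(idAndType[0]));
        IUserType userType = this.userTypeFactory.valueOf(idAndType[1]);
        LoginUser account = loadAccountInfo("id", userId, userType, strArr, false);
        this.preAuthenticationChecks.check(account);
        this.postAuthenticationChecks.check(account);
        return account;
    }

    /**
     * Loads an account by id and type using the default select properties.
     *
     * @param l user id
     * @param iUserType user type that selects the login service
     * @return the account
     */
    public LoginUser loadLoginAccount(Long l, IUserType iUserType) {
        return loadLoginAccount(l, iUserType, null);
    }

    /**
     * Loads an account by id and type and runs the status checks.
     *
     * @param l user id, must not be {@code null}
     * @param iUserType user type that selects the login service
     * @param strArr properties to select, or {@code null}/empty for the defaults
     * @return the account
     * @throws IllegalArgumentException when {@code l} is {@code null} or no login service exists
     * @throws UsernameNotFoundException when no account matches
     */
    public LoginUser loadLoginAccount(Long l, IUserType iUserType, String[] strArr) {
        requireLoginService(iUserType);
        // A null id makes loadAccountInfo return null, which previously surfaced as a
        // NullPointerException inside the status checks.
        Assert.notNull(l, "用户ID不能为空");
        LoginUser account = loadAccountInfo("id", l, iUserType, strArr, false);
        this.preAuthenticationChecks.check(account);
        this.postAuthenticationChecks.check(account);
        return account;
    }

    /**
     * Loads a reduced set of properties by id, passing {@code true} as the last argument of
     * {@code loadUserByUserIdentity}; no status checks are run.
     */
    private LoginUser loadLoginAccountInternal(Long l, IUserType iUserType) {
        return loadAccountInfo("id", l, iUserType, new String[]{"id", "username", "nickName", "gender", "avatarUrl", "mobile", "lastLoginDate", "extraData", "createdTime"}, true);
    }

    /** Same as the six-argument overload with {@code z2 = true} (throw when nothing is found). */
    private LoginUser loadAccountInfo(String str, Object obj, IUserType iUserType, String[] strArr, boolean z) {
        return loadAccountInfo(str, obj, iUserType, strArr, z, true);
    }

    /**
     * Looks up one account through the login service registered for {@code iUserType}.
     *
     * @param str name of the identity property to match ("username", "openid", "id")
     * @param obj value of that property
     * @param iUserType user type that selects the login service
     * @param strArr properties to select, or {@code null}/empty for the defaults
     * @param z passed through unchanged to {@code loadUserByUserIdentity}
     * @param z2 whether a missing account raises {@link UsernameNotFoundException}
     * @return the account; {@code null} when {@code str} or {@code obj} is {@code null}, or when
     *     nothing matches and {@code z2} is false
     */
    private LoginUser loadAccountInfo(String str, Object obj, IUserType iUserType, String[] strArr, boolean z, boolean z2) {
        if (str == null || obj == null) {
            return null;
        }
        IUserLoginService loginUserService = requireLoginService(iUserType);
        LoginUser account = loginUserService.loadUserByUserIdentity(str, obj, resolveSelectProperties(loginUserService, strArr), z);
        if (z2 && account == null) {
            // The message echoes the supplied identifier; keep it out of client-facing responses.
            throw new UsernameNotFoundException("用户名未找到(" + obj + ")");
        }
        return account;
    }

    /** Returns the login service for {@code userType}, failing when none is registered. */
    private IUserLoginService requireLoginService(IUserType userType) {
        IUserLoginService loginUserService = this.userTypeFactory.getLoginUserService(userType);
        Assert.notNull(loginUserService, "未找到用户登录服务类，用户类型：" + userType);
        return loginUserService;
    }

    /** Picks the caller's properties, else the service defaults, else the class defaults. */
    private String[] resolveSelectProperties(IUserLoginService loginUserService, String[] requested) {
        String[] properties = requested;
        if (properties == null || properties.length == 0) {
            properties = loginUserService.defaultLoginSelectProperties();
        }
        if (properties == null || properties.length == 0) {
            properties = this.defaultLoginSelectProperties;
        }
        return properties;
    }

    /**
     * Splits {@code name@type} into the name and the user type name.
     *
     * <p>Only the text after the last {@code '@'} is tried as a type. When it is not a registered
     * type (for example the domain of an e-mail address) the whole input is kept as the name and
     * the type defaults to {@code LoginUser.Type.user}. The suffix is caller-controlled, so it
     * decides which login service handles the request.
     *
     * @param str login identifier, must not be {@code null}
     * @param userTypeFactory factory used to resolve the type suffix
     * @return a two-element array: the name and the resolved type's {@code name()}
     * @throws IllegalArgumentException when {@code str} is {@code null}
     */
    public static String[] splitUsernameAndType(String str, UserTypeFactory userTypeFactory) {
        Assert.notNull(str, "用户名不能为空");
        IUserType userType = LoginUser.Type.user;
        String username = str;
        int separator = str.lastIndexOf('@');
        if (separator > 0) {
            try {
                IUserType parsed = userTypeFactory.valueOf(str.substring(separator + 1));
                // Guard against a factory that reports "unknown" as null rather than throwing.
                if (parsed != null) {
                    userType = parsed;
                    username = str.substring(0, separator);
                }
            } catch (Exception e) {
                // Broad on purpose: how valueOf fails is not visible from here. The fallback is
                // kept, but no longer silent; user input is not written to the log.
                log.debug("Suffix after '@' is not a registered user type ({}); using the whole value as the username", e.getClass().getSimpleName());
            }
        }
        return new String[]{username, userType.name()};
    }

    /**
     * Creates an admin account from the form and links the requested roles.
     *
     * <p>NOTE(review): no permission check on {@code loginUser} is visible in this method, and the
     * form's {@code type} and {@code roleIds} are applied as given; confirm the caller restricts
     * who may register admins and which roles they may grant. The uniqueness test is a
     * check-then-insert, so a unique constraint on the username column is still needed to stop
     * concurrent duplicates.
     *
     * @param adminRegisterForm submitted registration data
     * @param loginUser the operator creating the account, recorded as creator
     * @return the inserted admin
     * @throws IllegalArgumentException when the username exists or the insert affects no row
     */
    @Transactional
    public Admin registerAdmin(AdminRegisterForm adminRegisterForm, LoginUser loginUser) {
        Condition byUsername = new Condition(Admin.class);
        byUsername.createCriteria().andEqualTo("username", adminRegisterForm.getUsername());
        Assert.isNull(this.adminService.selectFirstByCondition(byUsername), "用户名已存在");
        Admin admin = new Admin();
        admin.setType(Integer.valueOf(adminRegisterForm.getType()));
        admin.setUsername(adminRegisterForm.getUsername());
        admin.setEnabled(true);
        admin.setMobile(adminRegisterForm.getMobile());
        admin.setGender(adminRegisterForm.getGender());
        admin.setNickName(adminRegisterForm.getNickName());
        admin.setAvatarUrl(adminRegisterForm.getAvatarUrl());
        admin.setEmail(adminRegisterForm.getEmail());
        admin.setAddress(adminRegisterForm.getAddress());
        admin.setTitle(adminRegisterForm.getTitle());
        admin.setDepartment(adminRegisterForm.getDepartment());
        // NOTE(review): an empty password leaves an enabled admin with no stored hash; confirm
        // that such an account cannot be logged into, or require a password here.
        if (!StringUtils.isEmpty(adminRegisterForm.getPassword())) {
            admin.setPassword(this.passwordEncoder.encode(adminRegisterForm.getPassword()));
        }
        admin.setExtraData(adminRegisterForm.getExtraData());
        admin.setCreatedBy(loginUser.mo53getId());
        admin.setCreatedByName(loginUser.getUsername());
        Assert.isTrue(this.adminService.insertSelective(admin) > 0, "添加管理员账号失败，请稍后再试");
        if (!CollectionUtils.isEmpty(adminRegisterForm.getRoleIds())) {
            ArrayList<Object[]> roleRows = new ArrayList<>();
            for (Long roleId : adminRegisterForm.getRoleIds()) {
                roleRows.add(new Object[]{roleId, admin.mo53getId(), loginUser.mo53getId()});
            }
            // Values are bound as parameters. INSERT IGNORE suppresses constraint errors, so a
            // role row that fails to insert is not reported to the caller.
            this.jdbcTemplate.batchUpdate("INSERT ignore INTO ref_admin_role (role_id, admin_id, created_by) VALUES (?, ?, ?)", roleRows);
        }
        return admin;
    }
}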
